Wireless router with no security set - how dangerous?

I have a bunch of friends who use a
wireless router (on a DSL line) to access the Internet
when at a
timeshare. It's a Linksys WRT54G, configured with no password, no encyrption, and the network's name is still Linksys.
How dangerous is that, in reality?

This is in a rural but not
&quot;isolated&quot; setting, with a few houses nearby.
The place has a permanent computer, and friends bring their notebooks.
I've suggested the router should be configured to WPA, with a simple password and unique network name, but nobody thinks it's necessary. They say, &quot;The router has a firewall, and besides we all have antivirus programs of one brand or another. And if someone sits in our driveway and uses the Internet for awhile, so what?&quot;
I'll grant that ease of connection and compatibility are important, and there's nothing at all worth swiping from the place's own computer. It's the other connected computers' security
that concerns me, and possibly someone planting a worm or something on the main box.

Re: Wireless router with no security set - how dangerous?

Several points are relevant:-<ul>[*]The router will provide uncontrolled access to the Internet for anyone who is in range. The danger from this is:-

they eat up your bandwidth by downloading large amounts of data (eg DVD's etc) and this could either cost you money or maybe slow your Internet access to dial up speeds.

the unknown user could access sites which might attract police attention (child pornography) and you will be targeted when the authorities come looking because they track the IP address of the router, not the computer doing the access.

[*]being unencrypted, anyone can listen into and capture any traffic between any of the computers on the wireless network and the router by using packet sniffing software. The data that could be captured is everything that is not encrypted and could include passwords to e-mail accounts and subscription service accounts (like this Zone Alarm forum) as well as confidential conversations between people using instant messenger programs like MSN and Yahoo Messenger.[*]Getting access to the computers on the wireless network is difficult but still possible for anyone who knows what they are doing - especially if they can sit watching packets containing unencrypted information.[/list]
The very minimum security you should have is:-
<ul>[*]WEP key access using 128-bit (ie 13-character) access control.[*]A high quality router access password.[*]A unique SSID (the name which identifies the network) rather than the default name that comes with the router.[/list]
Other desirable features:-<ul>[*]Router administration pages should be set so that access can only be done from within the LAN and if possible, only via a wired connection.[*]MAC address filtering to specifically identify devices which will be allowed access to the Wireless network (although this is not a foolproof filtering method and may be more trouble than its worth).[*]Suppression of broadcasting of the SSID.[*]Lowering the transmission power to restrict the radius of reception to the vicinity of the house.[/list]
Not all routers provide all these features but without any protection, its not a question of if, but when your network will be compromised.

Re: Wireless router with no security set - how dangerous?

Thanks, I'll pass your notes along. I suppose the biggest threat might be from some neighbor kid's overcurious friend, but, to my thinking, security is security.
I've found
it helpful to read the &quot;How to Secure Your Network&quot; page at
LinkSys.com

(It's a cryptic dynamic URL, so I'm not sure I can paste it confidentially here. Navigate to Learning Center&gt;Network Security).
About hiding the SSID, though (which Linksys also recommends). I read somewhere that if Windows can't find the intended network (because the SSID isn't broadcast), it might automatically log onto the first unrestricted network it can find. Obviously we don't want that. Any validity to this?
And is even WEP sufficient? I heard that those guys who stole millions of account numbers from a major retail chain initially succeeded because a single store was still using years' old WEP encryption instead of WPA.
But I suppose WEP would pose fewer connectivity issues with our various people's computers?
Anyway, I'll point out that anything it's better than nothing.
Agreed that wired connection would be more secure, but that's not going to happen.
Ditto for identifying the MAC addresses of specific allowed computers.

Re: Wireless router with no security set - how dangerous?

WEP is sufficient if you use 128-bit but WPA is more secure. It depends on how paranoid you are and whether you really need to turn your PC into Forth Knox. Like everything in life, its all about risk managemnt.